1. 09 11月, 2017 5 次提交
  2. 19 10月, 2017 1 次提交
  3. 05 10月, 2017 1 次提交
    • A
      ovl: fix regression caused by exclusive upper/work dir protection · 85fdee1e
      Amir Goldstein 提交于
      Enforcing exclusive ownership on upper/work dirs caused a docker
      regression: https://github.com/moby/moby/issues/34672.
      
      Euan spotted the regression and pointed to the offending commit.
      Vivek has brought the regression to my attention and provided this
      reproducer:
      
      Terminal 1:
      
        mount -t overlay -o workdir=work,lowerdir=lower,upperdir=upper none
              merged/
      
      Terminal 2:
      
        unshare -m
      
      Terminal 1:
      
        umount merged
        mount -t overlay -o workdir=work,lowerdir=lower,upperdir=upper none
              merged/
        mount: /root/overlay-testing/merged: none already mounted or mount point
               busy
      
      To fix the regression, I replaced the error with an alarming warning.
      With index feature enabled, mount does fail, but logs a suggestion to
      override exclusive dir protection by disabling index.
      Note that index=off mount does take the inuse locks, so a concurrent
      index=off will issue the warning and a concurrent index=on mount will fail.
      
      Documentation was updated to reflect this change.
      
      Fixes: 2cac0c00 ("ovl: get exclusive ownership on upper/work dirs")
      Cc: <stable@vger.kernel.org> # v4.13
      Reported-by: NEuan Kemp <euank@euank.com>
      Reported-by: NVivek Goyal <vgoyal@redhat.com>
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      85fdee1e
  4. 05 9月, 2017 2 次提交
  5. 04 9月, 2017 1 次提交
  6. 28 7月, 2017 1 次提交
    • M
      ovl: constant d_ino for non-merge dirs · 4edb83bb
      Miklos Szeredi 提交于
      Impure directories are ones which contain objects with origins (i.e. those
      that have been copied up).  These are relevant to readdir operation only
      because of the d_ino field, no other transformation is necessary.  Also a
      directory can become impure between two getdents(2) calls.
      
      This patch creates a cache for impure directories.  Unlike the cache for
      merged directories, this one only contains entries with origin and is not
      refcounted but has a its lifetime tied to that of the dentry.
      
      Similarly to the merged cache, the impure cache is invalidated based on a
      version number.  This version number is incremented when an entry with
      origin is added or removed from the directory.
      
      If the cache is empty, then the impure xattr is removed from the directory.
      
      This patch also fixes up handling of d_ino for the ".." entry if the parent
      directory is merged.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      4edb83bb
  7. 20 7月, 2017 1 次提交
  8. 17 7月, 2017 1 次提交
    • D
      VFS: Convert sb->s_flags & MS_RDONLY to sb_rdonly(sb) · bc98a42c
      David Howells 提交于
      Firstly by applying the following with coccinelle's spatch:
      
      	@@ expression SB; @@
      	-SB->s_flags & MS_RDONLY
      	+sb_rdonly(SB)
      
      to effect the conversion to sb_rdonly(sb), then by applying:
      
      	@@ expression A, SB; @@
      	(
      	-(!sb_rdonly(SB)) && A
      	+!sb_rdonly(SB) && A
      	|
      	-A != (sb_rdonly(SB))
      	+A != sb_rdonly(SB)
      	|
      	-A == (sb_rdonly(SB))
      	+A == sb_rdonly(SB)
      	|
      	-!(sb_rdonly(SB))
      	+!sb_rdonly(SB)
      	|
      	-A && (sb_rdonly(SB))
      	+A && sb_rdonly(SB)
      	|
      	-A || (sb_rdonly(SB))
      	+A || sb_rdonly(SB)
      	|
      	-(sb_rdonly(SB)) != A
      	+sb_rdonly(SB) != A
      	|
      	-(sb_rdonly(SB)) == A
      	+sb_rdonly(SB) == A
      	|
      	-(sb_rdonly(SB)) && A
      	+sb_rdonly(SB) && A
      	|
      	-(sb_rdonly(SB)) || A
      	+sb_rdonly(SB) || A
      	)
      
      	@@ expression A, B, SB; @@
      	(
      	-(sb_rdonly(SB)) ? 1 : 0
      	+sb_rdonly(SB)
      	|
      	-(sb_rdonly(SB)) ? A : B
      	+sb_rdonly(SB) ? A : B
      	)
      
      to remove left over excess bracketage and finally by applying:
      
      	@@ expression A, SB; @@
      	(
      	-(A & MS_RDONLY) != sb_rdonly(SB)
      	+(bool)(A & MS_RDONLY) != sb_rdonly(SB)
      	|
      	-(A & MS_RDONLY) == sb_rdonly(SB)
      	+(bool)(A & MS_RDONLY) == sb_rdonly(SB)
      	)
      
      to make comparisons against the result of sb_rdonly() (which is a bool)
      work correctly.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      bc98a42c
  9. 14 7月, 2017 2 次提交
  10. 05 7月, 2017 16 次提交
  11. 29 5月, 2017 1 次提交
    • A
      ovl: mark upper merge dir with type origin entries "impure" · f3a15685
      Amir Goldstein 提交于
      An upper dir is marked "impure" to let ovl_iterate() know that this
      directory may contain non pure upper entries whose d_ino may need to be
      read from the origin inode.
      
      We already mark a non-merge dir "impure" when moving a non-pure child
      entry inside it, to let ovl_iterate() know not to iterate the non-merge
      dir directly.
      
      Mark also a merge dir "impure" when moving a non-pure child entry inside
      it and when copying up a child entry inside it.
      
      This can be used to optimize ovl_iterate() to perform a "pure merge" of
      upper and lower directories, merging the content of the directories,
      without having to read d_ino from origin inodes.
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      f3a15685
  12. 18 5月, 2017 1 次提交
  13. 05 5月, 2017 1 次提交
  14. 20 4月, 2017 2 次提交
    • A
      ovl: check IS_APPEND() on real upper inode · b0990fbb
      Amir Goldstein 提交于
      For overlay file open, check IS_APPEND() on the real upper inode
      inside d_real(), because the overlay inode does not have the
      S_APPEND flag and IS_APPEND() can only be checked at open time.
      
      Note that because overlayfs does not copy up the chattr inode flags
      (i.e. S_APPEND, S_IMMUTABLE), the IS_APPEND() check is only relevant
      for upper inodes that were set with chattr +a and not to lower
      inodes that had chattr +a before copy up.
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      b0990fbb
    • K
      ovl: Use designated initializers · 33006cdf
      Kees Cook 提交于
      Prepare to mark sensitive kernel structures for randomization by making
      sure they're using designated initializers. These were identified during
      allyesconfig builds of x86, arm, and arm64, with most initializer fixes
      extracted from grsecurity.
      
      For these cases, use { }, which will be zero-filled, instead of
      undesignated NULLs.
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      33006cdf
  15. 02 3月, 2017 1 次提交
  16. 07 2月, 2017 3 次提交